Start by making sure your RAS users and direct customers (your network's edge) can only output packets that contain their valid source address. If everyone did this, all of the world's problems would go away; Ozone depletion, world hunger, that silly rain forest thing, Smurfs and DoS and maybe even Microsoft! :-) Best regards, David Van Allen - FASTNET(tm) / You Tools Corporation dave@fast.net (888)321-FAST(3278) http://www.fast.net FASTNET - Business and Personal Internet Solutions -----Original Message----- From: Eric Wieling [mailto:eric@ccti.net] Sent: Tuesday, January 20, 1998 9:45 AM To: nanog@merit.edu Subject: Reporting Little Blue Men Just about every night someone(s) tries to use us as the "innocent third party" in smurf attacks. Of course, we block and log all the broadcast packets. Is there any point in trying to report these attacks? Who would we report them to? We don't know what the source is, after all the address is spoofed. It seems kind of pointless to notify the victim -- they already know they have been smurfed. I want to do my part to try to stop attacks, but I'm baffled on this one. --Eric -- Eric Wieling (eric@ccti.net), Chesapeake Communications Corporation Sales: sales@ccti.net 504-585-1850, Support: support@ccti.net 504-525-5449 We have changed our name! Corporate Communications Technology is now known as Chesapeake Communications Corporation.